[Paul Clark: Re: Draft Internet Security Policy ]
Stephen D Crocker <crocker@tis.com> Fri, 19 October 1990 19:29 UTC
Received: from tis.com by NRI.NRI.Reston.VA.US id aa10809; 19 Oct 90 15:29 EDT
Received: from TIS.COM by TIS.COM (4.1/SUN-5.64) id AA04003; Fri, 19 Oct 90 15:28:46 EDT
Message-Id: <9010191928.AA04003@TIS.COM>
To: spwg@NRI.Reston.VA.US
Subject: [Paul Clark: Re: Draft Internet Security Policy ]
Date: Fri, 19 Oct 1990 15:28:44 -0400
From: Stephen D Crocker <crocker@tis.com>
Status: O
------- Forwarded Message Replied: Thu, 18 Oct 90 23:34:44 -0400 Replied: "Paul Clark <paul@TIS.COM> " Return-Path: paul@TIS.COM Return-Path: <paul@TIS.COM> Received: from SNOW.TIS.COM by TIS.COM (4.1/SUN-5.64) id AA15822; Thu, 18 Oct 90 10:41:16 EDT Message-Id: <9010181441.AA15822@TIS.COM> To: Stephen D Crocker <crocker@TIS.COM> Cc: techies@TIS.COM, paul@TIS.COM Subject: Re: Draft Internet Security Policy In-Reply-To: Your message of Wed, 17 Oct 90 17:07:23 -0400. <9010172107.AA23577@TIS.COM> Date: Thu, 18 Oct 90 10:41:41 -0400 From: Paul Clark <paul@TIS.COM> In reviewing Rich Pethia's document there appeared to be a few omissions. Whether these were deliberate or not I do not know. - Policy Section 1 part 2: It seems unclear who (users, administrators, etc.) is responsible in the event resources are used in an unauthorized fashion during an account breakin. - A more general question related to the preceding is: "To what extent, and under what circumstances, are operators, vendors, and users to be held accountable for breaches in security?" - There is no mention of penalties or enforcement mechanisms within the document. As such a policy statement carries very little weight. Perhaps outline of current legal remedies or other potential actions would be helpful. In general, I found the document to be properly succinct and well organized. I would welcome responses to my criticism. Paul Clark ------- End of Forwarded Message
- [Paul Clark: Re: Draft Internet Security Policy ] Stephen D Crocker